Gift cards (both physical or digital) and prepaid cards have always been a favorite target among fraudsters. Gift card scams are so widespread that the Federal Trade Commission (FTC), IRS, and even the Social Security Administration routinely warn consumers about the threat posed by gift card scams. While the individual consumer needs to be wary of gift card scams, so should online retailers and other enterprises that utilize gift cards. For those online retailers and enterprises, gift cards present an opportunity for scammers to use them for fraudulent purposes.
What eCommerce Should Know About Gift Card Fraud
Gift card fraud is appealing to the fraudsters because it is as easy as stealing cash without the need to go through any authentication. It not only disrupts the shopping experience of the consumers, it also damages the brand reputation of the retailer. While gift card scams, and the fraudsters behind them, usually get the headlines during the holiday season, these scams remain a year-long issue that need to be defended against.
Both physical and digital gift cards provide fraudsters with an easy money-making proposition, as the chances of prosecution are slim—owing to the low monetary value on each card. That said, while the dollar values attached to each card may be low, when committed at scale using bots, gift card fraud can run into millions of dollars.
What makes gift card fraud uniquely challenging is the fact that it is difficult to trace, which affords fraudsters the anonymity to abuse them. Fraudsters use botnets to brute force attacks on gift card websites by testing thousands of card numbers and PIN combinations per minute. They also use bots and sweatshops to continually check card balances and redeem them.
Fraudsters and cybercriminals can hack into a user account and abuse the auto-load feature to drain the account of the funds. Once fraudsters are successful in their account takeover attempts, they can redeem the credit card points by requesting a digital gift card and escaping with the money undetected. This is because gift cards do not require the kind of authentication that a credit card or a bank account would.
5 Common Gift Card Fraud Tactics
Cybercriminals and scammers can get creative when it comes to committing fraud and scamming enterprises and consumers alike out of hard-earned money. Regarding fraud prevention with gift cards, understanding some common tactics is always helpful. Here are five common tactics fraudsters can use gift cards to steal from unsuspecting consumers and defraud enterprises:
1. Physical gift card tampering
In this instance, fraudsters copy the card’s barcode numbers and activation codes directly from store racks. Once the card is bought and activated by a legitimate customer, the fraudster can use it.
2. Buying gift cards with stolen credit cards
This is often viewed as the most simple method of gift card fraud where fraudsters use stolen credit card details to buy gift cards online, exhaust their value, or resell them before a chargeback request is made by the victim.
3. Gift card number theft
Fraudsters can hack into a gift card company’s database to steal gift card numbers and their activation codes. They often use brute force, malware, or phishing to access the database. Fraudsters can then monitor the gift card account’s activity on the retailer’s online portal, and once the card is bought and activated, they steal the money.
4. Social engineering attacks
Fraudsters may pose as a representative from an enterprise or government agency and trick the victims via email, phone call, or text message into paying for something by loading money onto a gift card. Once the card has funds on it, the caller/scammers then ask the victim to share the card’s information, like the barcode or PIN numbers. Once they have that information, fraudsters can use the card like it is their own.
5. Gift card refund
This method takes advantage of an enterprise's commitment to customer service. Fraudsters make purchases using stolen credit card details and then return the product requesting the refund to a gift card. In this instance the enterprise or merchant loses twice - both the transaction amount and the chargebacks - for the scam while the fraudster has a gift card that can be monetized fairly easily.
How Online Retailers Can Protect Against Gift Card Scams and Fraud While Maximizing Their ROI
Online retailers must be extra wary because fraudsters will try to take advantage of the growing number of online shoppers. They must take an approach to fraud protection that focuses adequate attention on protecting their customers, and themselves, from gift card scams. Online retailers and enterprises must deploy appropriate countermeasures that not only deter fraudsters from attempting to attack but also offer a seamless user experience and provide enterprises an opportunity to maximize their return on investment. This is possible only when retailers can discern authentic users from fraudsters and use targeted friction to stop malicious users.
The time has passed for fraudsters to profit from gift card scams. Enterprises can incorporate Arkose Labs into any touchpoint to detect fraudulent traffic, such as login flow or new account registration. By utilizing Arkose Labs' innovative in-session authentication, combining real-time risk classification with interactive challenges like Arkose MatchKey, enterprises save in the long run through more effective fraud detection and prevention.
Find out more about how Arkose Labs can help your enterprise fight gift card scams and book a demo today.
Don't miss our upcoming webinar "Uncovering Gift Card Scams: What Enterprises Need to Know" on Jan 25.
- What eCommerce Should Know About Gift Card Fraud
- 5 Common Gift Card Fraud Tactics
- 1. Physical gift card tampering
- 2. Buying gift cards with stolen credit cards
- 3. Gift card number theft
- 4. Social engineering attacks
- 5. Gift card refund
- How Online Retailers Can Protect Against Gift Card Scams and Fraud While Maximizing Their ROI